- WhatsApp has fixed a security flaw in its View Once feature that allowed unauthorized access to disappearing media.
- Crypto wallet startup Zengo discovered the vulnerability in August 2023 through their web app research.
- The initial patch by WhatsApp did not fully resolve the security issue.
- Meta’s latest update prevents unauthorized devices from accessing View Once messages.
- Security researchers indicate potential remaining vulnerabilities in sender devices.
WhatsApp Patches Major Privacy Vulnerability in Disappearing Media Feature
Meta’s messaging platform WhatsApp has implemented a comprehensive fix for a security vulnerability in its View Once feature, addressing a flaw first identified by cryptocurrency wallet provider Zengo in August 2023. The patch comes after months of security concerns about the privacy of supposedly self-destructing media content.
Technical Vulnerability Details
The security flaw, documented by Zengo’s research team, revealed that WhatsApp’s View Once feature could be bypassed through the platform’s web application. The feature, designed to automatically delete media files after a single viewing, failed to enforce restrictions at the API server level.
Zengo’s co-founder Tal Be’ery explained: "When we looked into the implementation details we were very surprised to find that although ‘View Once’ is meant to be limited to platforms in which the app can control its displayed content and prevent other processes from abusing it, it is not enforced by WhatsApp’s API server."
Remaining Security Considerations
While the new update represents a significant improvement, Be’ery notes persistent security concerns:
- Sender devices still retain access to View Once messages
- Potential forensic extraction risks remain
- Increased attack surface due to message availability on multiple sender devices
The discovery emerged from Zengo’s research into messaging platforms as part of their development of Multi-Party Computation (MPC) cryptocurrency wallet technology. The company’s technical team constructed an unofficial WhatsApp client based on open-source web client implementation to demonstrate the vulnerability.
Meta’s response included an initial patch that proved insufficient, followed by the current more comprehensive solution that prevents unauthorized devices from accessing View Once messages, though security experts maintain that additional improvements could further enhance user privacy.
✅ Follow BITNEWSBOT on Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Crypto Fashion Brand 9dcc to Drop Mystery Box with CryptoPunk NFT Prize
- Romania Seizes $7M From Crypto Entrepreneur in Election Fraud Investigation
- Binance CEO Hints at Possible U.S. Return Amid Crypto-Friendly Trump Victory
- Ripple’s Political Donations Pay Off as XRP Token Surges 400% After Elections
- XRP Leads Crypto Selloff as Bitcoin’s $100K Push Triggers $1.5B Liquidations
